Operation Manual
Configuring Network Security Network Security
Configuration Guide
543
server and send them to the client. The authenticator allows authenticated clients to
access the LAN through the connected ports but denies clients from accessing the LAN
through the unauthenticated ports.
Authentication Server
The authentication server is usually the host running the RADIUS server program. It stores
information of clients, confirms whether a client is legal and informs the authenticator
whether a client is authenticated.
AAA
AAA stands for authentication, authorization and accounting. On TP-Link switches,
this feature is mainly used to authenticate the users trying to log in to the switch or get
administrative privileges. The administrator can create guest accounts and an Enable
password for other users. The guests do not have administrative privileges without the
Enable password provided.
AAA provides a safe and efficient authentication method. The authentication can be
processed locally on the switch or centrally on the RADIUS/TACACS+ server(s). As the
following figure shows, the network administrator can centrally configure the management
accounts of the switches on the RADIUS server and use this server to authenticate the
users trying to access the switch or get administrative privileges.
Figure 1-3 Network Topology of AAA
RADIUS Server
Users Switches